Our specialist who works on the trace rout department

So from last night sometime, I couldn’t get at my email server. Nobody here could. From another net it worked fine. So I figure I need to talk to Bluehost.com, the hoster. I had a chat earlier today that I had to cut short due to other things. And due to me being close to completely losing it. So this is act II. The only thing that kept me sane during this hour-long confrontation with inanity was the thought of publishing it here. So here you are. Bluehost support in all its glory.

BTW, I had a hard time deciding if I should go with the current subject line or maybe “It will not be removed from blackhole”. Both are pretty good, I think. You’ll see why.

Oh, and the “3-point program” is repeated by Manish further down the dialog, so you’ll see it there.

Enjoy.

Chat ID: 31908570

Initial Question: Hi, I’d like you to please unblacklist my network. The IP I need you to unlist is 109.228.nnn.nnn. I’ve gone through your 3-point program, nothing found. I do, however, suspect I know what’s happened. One of my machines had a corrupt email database and reloaded the whole thing, around 150,000 mails. It would have been very helpful if you could have confirmed that it was an IMAP overload, but I gather you can’t do that. Right? I’d also like to know how long it takes your blacklist to time out, i.e. how long it takes until a network is unlisted again without me having to ask you to. Martin

7:51:11 Manish Hello Martin, thank you for contacting support. My name is Manish. Sorry for the wait time.

7:51:21 Manish Are you looking to blacklist the IP?

7:52:30 Martin No, to remove it from the blacklist.

7:52:56 Manish Okay, let me check. Could I please get the primary domain name and the last 4 characters of your hosting / cPanel password for ownership verification purpose?

7:53:31 Martin ursecta.com … xxxx

7:53:51 Manish Thank you for Validating!

7:54:48 Manish Okay, I could see that the IP 109.228.nnn.nnn is not blacklisted.

7:56:03 Martin Earlier today someone else at your support said it was. And I still can’t connect from that IP. So what’s going on, then?

7:56:29 Manish You can check it in this link : http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a109.228.nnn.nnn&run=toolpage

7:57:49 Martin Ah, I see. You misunderstand me. My IP is blackholed at your server, so I can’t access ursecta.com through any protocols. I’m not talking about SMTP blacklisting.

7:58:33 Manish Okay, let me check this.

7:59:01 Manish Did you scan the local computer and also did you reset the Wifi password ?

7:59:42 Martin Yes, I did all those things. Got the list earlier today. Nothing there. As I said, the explanation is almost certainly the rebuild of my 150,000 emails yesterday.

8:00:13 Manish Can you please confirm the local IP using this link : http://www.bluehost.com/ip

8:09:57 Manish Sorry it is taking time.

8:10:16 Manish I need to contact to our specialist and I am waiting for the response from them.

8:10:29 Martin No problem. I’ll wait.

8:11:09 Manish Thanks!

8:16:39 Manish Still working on this.

8:16:47 Martin Ok

8:20:26 Manish Okay, To remove blackhole: Before we un-blackhole them, they need to get started on these things: 1. Scanning all computers/devices that use that router for malware. 2. Securing the wireless access point on the router (if it has one) or changing its password. 3. Asking the people that connect to that router if they’re running anything automated or manually doing things repeatedly that might have connected too many times and gotten them blocked. Please note that a lot of issues will come from ftp or email clients that have bad credentials for connecting to our server. They will continue to try and connect over and over resulting in us blocking the ip. They should also make sure that if they use ftp or email clients that their settings are all correct. They might want to shut down those programs as well. Once they have taken those 3 steps, they should contact us back so we can unblock their IP address. They will also want to take note of any issues they corrected on their machines as if they don’t make any changes there is a good chance the problem is not fixed and they will get banned again.

8:22:04 Manish One moment, our specialist have told me that all the process has not been completed.

8:22:26 Martin And what part would that be?

8:22:44 Manish I have asked them one moment

8:26:13 Manish okay as above we need the results. scan reset and as above provide the results of the scans from that IP

8:26:52 Martin Results? Of what?

8:28:39 Manish We will get one result when we trace out the IP. So to get that result you need to scan for the computer of the IP you have provided and then after scanning need to reset the wifi password. So once you scan please contact us after some time.

8:30:35 Martin That, if I may be so bold, doesn’t compute. It’s a router. The router has been checked, password changed. There are several computers behind that router. Most are OS X, or iOS. The OSX machines have Little Snitch, which is an outbound firewall and which has no abnormal traffic in its logs. The one Windows machine I have, I scanned with AVG, no problems.

8:31:07 Martin Even more, I already told you what caused the trip of the blackhole: the rebuild of 150,000 emails. Which is your point 3.

8:32:12 Manish Yes, but when we conduct the traceroute we got the error and it says that the local IP is not scanned properly. They need to scan it again and reset the wifi passwords.

8:33:22 Martin That, again, is simply impossible. You can’t get an error on a traceroute. In particular you can’t get trace route to tell you anything about what I’m scanning on my local network. That’s simply not how networking works. There is something deeply wrong with this explanation.

8:35:03 Manish Please make sure that you have scanned the systems. because our specialist who works on the trace rout department is not getting the accurate traceroute result.

8:37:11 Martin He’s not getting my router on traceroute (the last hop) because I don’t allow pings from the outside. Which is normal if you’re a little wee security conscious. He should know that. And not getting a ping has nothing to do with scans for malware. He is, however, getting to bahnhof.se upstream router (79.136.43.145) which is enough for this purpose. The simplest thing is to lift the block and I’ll let you know if that’s done. Takes me three seconds.

8:38:42 Manish Okay

8:39:04 Martin You know what… I just lowered my security for you. Now he should see pings and traceroutes.

8:39:55 Manish Let me check it out again. So it will take some time for to connect them. Please be on hold.

8:47:25 Martin YES! Thank you. It’s pinging!

8:48:19 Manish Yes, it is done now.

8:48:20 Martin One question: after how long does the blackhole go away if you don’t intervene? Any idea?